GDPR – GENERAL DATA PROTECTION REGULATION
MYTH 1: “GDPR IS NEW LEGISLATION”
- No, it is not! It’s an extension of the current Data Protection Act 1998 in the UK – it takes some elements that are “best practice” currently and will make them a legal requirement.
- Yes, there will be a new Act of Parliament but it will bring in national derogations.
Check Progress of the Data Protection Bill.
MYTH 2: “CONSENT IS NEEDED FOR ALL PROCESSING”
- Codswallop! Consent is only one of 6 legal bases for processing under GDPR! So, use one of the others!
- DIRECT MARKETING: This is the one occasion when you DO need consent to process, and it needs to be clear.
- NO MORE PRE-TICKED BOXES! – THEY WILL BE ILLEGAL!
“Consent” is being discussed in Europe in December 2017, so the ICO will issue a final version of its guidance in early 2018.
Find out about the 6 Legal Bases for Processing under GDPR.
MYTH 3: “I’VE GOT TO CHANGE ALL MY EXISTING SYSTEMS!”
- NO! Rubbish! “Privacy by Design” makes legislation fit your tried and tested systems that work for you!
- Be transparent about compliance!
MYTH 4: “I MUST HAVE A DATA PROTECTION OFFICER (DPO)”
- PIFFLE! Under GDPR, the European Working Party (who lead on this) state that PUBLIC AUTHORITIES must appoint a DPO.
- YES, you do need a central contact, but not a formal DPO.
MYTH 5: “IT’S GONNA COST A BOMB TO PUT IN PLACE!”
- No, it doesn’t cost the earth… Contact us for a quote.
Many thanks to Robyn Banks @ AdaVista for busting these five common GDPR Myths.
Contact us for support preparing for GDPR.